(984) 465-1010
(984) 465-1010

Client Trust

Commitment to Our Clients

Exceeding clients’ expectations is our top priority. Dauntless Discovery is committed to maintaining trust with every client through security and transparency. The following information includes compliance, privacy, and operations security practices at Dauntless Discovery.

Compliance

Compliance Program

ISO 27001, an internationally recognized specification for an Information Security Management System (ISMS), is the only auditable standard that deals with the overall management of information security, rather than just which technical controls to implement. Dauntless has obtained ISO 27001 certification for its commitment to establishing and following security policies and procedures. A copy of our certificate can be accessed here.

Reports                                                                                                            

Dauntless compliance certifications and attestations are available under NDA. For more information about Dauntless Discovery’s compliance certifications and programs, please reach out to your Dauntless account representative or security@dauntlessdiscovery.com. 

Security

Security Team

Dauntless Discovery has a dedicated CISO who reports to the President and COO, with responsibilities focused on enterprise security, awareness and training, vulnerability management, incident management, secure logging and monitoring, security risk management, supplier risk management, and identity and access management.

Background Checks

Background checks are performed on all Dauntless Discovery staff based in the U.S. and within our international review center. All personnel are required to sign confidentiality agreements upon hire.

Security Awareness

Policies

Dauntless has developed security policies and procedures based on ISO 27001. All employees are required to acknowledge an understanding of these policies upon hire and annually thereafter.

Training

All employees must successfully complete a security awareness training program upon hire and annually thereafter.

Supplier Security

Dauntless Discovery uses a defined, tier-based security model to evaluate all prospective vendors’ criticality and exposed residual risk. These evaluations involve a combination of security questionnaires and cybersecurity certification reviews with all third parties.

Security Monitoring and Alerting

Dauntless Discovery monitors all activity logs and alerts are generated for anomalies which are investigated by the security team.

Vulnerability Management

Dauntless Discovery participates in the Department of Homeland Security’s CyberHygiene program and conducts annual penetration testing for all internet-facing assets. Our IT team regularly performs patch management activities on servers, workstations, and networking devices. Additionally, secure endpoint configurations are determined and approved for all user work activities.

In addition to vulnerability management security testing, Dauntless Discovery contracts with a third-party firm to perform annual penetration tests.

Logical Access

Dauntless Discovery employs the principle of least privilege, restricting access to client data repositories to authorized users on a need-to-know basis. Client data is logically isolated with strict access controls to prevent data leakage.

Security Incident Response

Dauntless Discovery has a defined incident response policy and plan that prescribes appropriate actions for triage and escalation of all potential incidents. Dauntless Discovery also performs tabletop exercises with key stakeholders to ensure all relevant staff understand their roles and responsibilities in supporting the incident response plan.

Encryption

In Transit
Dauntless Discovery encrypts all communications with industry-standard HTTPS/TLS 1.2/1.3+ between public networks and Dauntless Discovery clients to protect all data.

At Rest
Dauntless Discovery employs full-disk encryption (FDE) to protect data-at-rest.

Business Continuity and Disaster Recovery

Dauntless Discovery’s business continuity and disaster recovery plans are designed with the safety and security of our client data in mind. All data backups are replicated for high availability and redundancy to datacenters that are accredited under ISO 27001, SOC 1 and SOC 2, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.

Privacy

Privacy Policy

Dauntless Discovery maintains a privacy program that monitors regulatory requirements with oversight from dedicated privacy personnel. Dauntless Discovery’s privacy policy can be found here.